WebSphere MQ Extended Security Edition 5.3 - A Primer |
hopsala |
Posted: Mon Mar 07, 2005 11:18 pm Post subject: WebSphere MQ Extended Security Edition 5.3 - A Primer |
|
|
 Guardian
Joined: 24 Sep 2004 Posts: 960
|
Hi there,
I am consulting a site concerning MQSeries, which has asked me for details of this product. After some scavenging around the internet, I was not able to find any real data other than product announcements and other marketing information.
By inference, I was able to tentatively deduce that this product has two functions which MQ5.3 (or 5.3.1) does not:
A> Encryption of messages within the queue (as opposed to the current communication-only encryption on MQ channels)
B> Some form of management tool to replace the horrid "setmqaut" authorization interface, and the ability to administer it from a central point and in a more convenient fashion.
Whether or not all this is true, I know not. Thus, I implore anyone that has any real hands-on knowledge in using this product, or knows Exactly what it supplies, to aid a fellow MQ admin in need.
Thanks,
hopsala.
(IBM Really should find an acronym for this product, neh?) |
zpat |
Posted: Mon Mar 07, 2005 11:33 pm Post subject: |
|
|
 Jedi Council
Joined: 19 May 2001 Posts: 5866 Location: UK
|
It's just a bundle of MQ with Tivoli Access Manager for e-business integration. |
PGoodhart |
Posted: Tue Mar 08, 2005 4:55 am Post subject: |
|
|
Master
Joined: 17 Jun 2004 Posts: 278 Location: Harrisburg PA
|
Oh and just to clarify, you can buy/build better security with base MQ fairly easily.
_________________
Patrick Goodhart
MQ Admin/Web Developer/Consultant
WebSphere Application Server Admin |
zpat |
Posted: Tue Mar 08, 2005 4:59 am Post subject: |
|
|
 Jedi Council
Joined: 19 May 2001 Posts: 5866 Location: UK
|
TAMBI is not widely used in my experience (but I don't see how you can encrypt and digitally sign messages with base MQ other than by writing exits).
One reason is that you really need to have it on all the queue managers for it to be of any use and if you have any mainframe QMs, the license cost is very high for these.
Another issue is the effect of using a message broker on end-to-end encrypted messages (think about it).
If you are installing MQ for the first time (and don't have mainframes) and require end to end security for messages then TAMBI would make sense. |
hopsala |
Posted: Sun Mar 13, 2005 8:41 am Post subject: |
|
|
 Guardian
Joined: 24 Sep 2004 Posts: 960
|
zpat: " (but I don't see how you can encrypt and digitally sign messages with base MQ other than by writing exits)"
hm? You can simply use channels configured to work with SSL, which, after negotiation and authentication, creates a shared symmetric key and encrypts the messages transferred between the channels.
Granted, the Message is not encrypted per se - that is - the packets are encrypted and verified separately, but with no reference to the entity "message". However, this gives you pretty much the same effect.
There is one essential difference, as far as I can tell, between message-level and packet-level encryption, and that is that the messages waiting in the queue are encrypted. But if your OAM is correctly configured, only the application which has permission to use the queue can read the messages anyhow, so there is no breach if messages are plain text.
So, I see here only the following cases in which this is relevant:
A> As you said, a central message broker.
B> Cost.
C> If one queue receives both secure and non-secure messages, which is usually (but not always) due to poor design.
In any event, you state that it is not widely used. Which other similar product do you know that is popular, and not in vain? |
zpat |
Posted: Sun Mar 13, 2005 10:09 am Post subject: |
|
|
 Jedi Council
Joined: 19 May 2001 Posts: 5866 Location: UK
|
There is no "popular" MQ security product. It's not exactly a large market. I wouldn't let that put you off TAMBI though, it is from IBM after all.
Some banks use the product from Primeur - I don't know of any others.
I can't imagine IBM (who of course own Tivoli) going to all the trouble of developing TAMBI if base MQ security was good enough for financial institutions etc.
What they are looking for is some way of ensuring the message received by the application cannot have been tampered with en-route or in the queue and is definitely from a known origin application.
Watch out for MQ security products lagging behind MQ and WBIMB release dates for new versions though (if you are the sort that likes to upgrade quickly). |
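
The requirement discussed in this thread (a receiving application that can tell whether a message was altered in the queue and whether it came from a known origin application) can be illustrated with a message-level tag. This is an added example, not part of any post and not code from TAMBI or MQ: it uses an HMAC with a shared key as a stand-in for digital signatures, and the key, the application name `payments-app`, the envelope format and the in-memory queue are all constructed assumptions. The last case shows one way to read the broker concern: a broker that rewrites the payload invalidates the tag.

```python
import hashlib
import hmac
import json

# Constructed per-application key (assumption); a real key is provisioned out of band.
ORIGIN_KEYS = {"payments-app": b"constructed-demo-key-0001"}

def _tag(key: bytes, origin: str, payload: bytes) -> str:
    # Bind the tag to both the claimed origin and the payload bytes.
    return hmac.new(key, origin.encode() + b"\x00" + payload, hashlib.sha256).hexdigest()

def seal(origin: str, payload: bytes) -> bytes:
    """Sending application: wrap the payload with its identity and a tag."""
    tag = _tag(ORIGIN_KEYS[origin], origin, payload)
    return json.dumps({"origin": origin, "payload": payload.decode(), "tag": tag}).encode()

def open_sealed(message: bytes) -> bytes:
    """Receiving application: return the payload or raise ValueError."""
    try:
        env = json.loads(message)
        origin, payload, tag = env["origin"], env["payload"].encode(), env["tag"]
        key = ORIGIN_KEYS[origin]
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        raise ValueError("malformed or unknown-origin message") from exc
    expected = _tag(key, origin, payload)
    if not hmac.compare_digest(expected.encode(), str(tag).encode()):
        raise ValueError("tag mismatch: altered or not from claimed origin")
    return payload

def verdict(message: bytes) -> str:
    try:
        return open_sealed(message).decode()
    except ValueError as exc:
        return "REJECTED: " + str(exc)

def demo() -> dict:
    queue = [seal("payments-app", b"PAY 100 TO ACCT 42")]  # message at rest
    results = {"intact": verdict(queue[0])}
    # The stored message is edited while it waits in the queue.
    results["edited_in_queue"] = verdict(queue[0].replace(b"PAY 100", b"PAY 900"))
    # A broker reformats the payload without holding the origin's key.
    env = json.loads(queue[0])
    env["payload"] = env["payload"].replace(" ", ",")
    results["broker_transformed"] = verdict(json.dumps(env).encode())
    return results

if __name__ == "__main__":
    print(demo())
```

The tag gives integrity and origin checking only; it does not hide the payload from anyone who can read the queue.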